17th Annual Computer Security Applications Conference
December 10-14, 2001
New Orleans, Louisiana

Technical Program

Technical Program Features and Organization

Track A and B sessions consist of technical papers, panels, and fora. All technical papers have undergone an anonymous peer review process and describe the latest developments in security implementations and applications-oriented research. Panel sessions are tailored to stimulate discussion of today's pressing issues. The fora sessions provide different perspectives on a single topic of interest or report the results of implementation activities. Track C presentations allow providers of products and/or services an opportunity to describe the innovative ways in which their products or services are being used to implement secure systems. The Case Studies will include presentations on capabilities and applications of information security products to realistic civil, defense, and commercial problems. This track will feature system integrators, designers, and architects from the government and private sector. Displays will also be open on Wednesday during the evening reception and on Thursday during breaks between the sessions.


Wednesday, December 12, 2001

General Session

7:30 Registration
8:30 Opening Remarks Daniel Faigin, Conference Chair, The Aerospace Corporation, USA
8:35 Welcome to New Orleans Hotel Manager
8:40 Distinguished Practitioner Bob Blakley, Tivoli Systems - An IBM Company, USA
Castles in the Sand
9:50 Student Paper Award Brenda Timmerman, Student Chair, California State University, Northridge, USA
9:55 Technical Program Introduction Jeremy Epstein, Program Chair, webMethods, USA
10:00 BREAK
10:30 Intrusion Detection I
Chair: Daniel Faigin, The Aerospace Corporation, USA

  • IntruDetector: A Software Platform for Testing Network Intrusion Detection Systems§, Tao Wan and Xue Dong Yang, University of Regina, CANADA
  • Mining Alarm Clusters to Improve Alarm Handling Efficiency§, Klaus Julisch, IBM Research, SWITZERLAND
  • Managing Alerts in a Multi-intrusion Detection Environment§, Frédéric Cuppens, ONERA, FRANCE
  • Implementing the Intrusion Detection Exchange Protocol§, Roy Pollock, Greg Matthews, Tim Buchheim, and Mike Erlinger, Harvey Mudd College, USA; Ben Feinstein, Guardent, USA; Joseph Betser and Andy Walther, The Aerospace Corporation, USA

Security Architecture
Chair: Christoph Schuba, Sun Microsystems, GERMANY

  • Information Flow Analysis of Component-Structured Applications§, Peter Herrmann, University of Dortmund, GERMANY
  • Security Policy Enforcement at the File System Level in the Windows NT Operating System Family§, Stephen Wolthusen and Silviu Burtescu, Fraunhofer-IGD, GERMANY
  • Java Security Extensions for a Java Server in a Hostile Environment§, David Wheeler, Adam Conyers, Jane Luo, and Alex Xiong, Intel, USA
  • Genoa TIE, Advanced Boundary Controller Experiment§, Eric Monteith, NAI Labs, USA

Assessment
Chair: Brooke Jenkins, ACS Defense, USA

  • Assessing Internet Application Risk, Marybeth Panock, Fidelity Investments Systems Company, USA
  • An IT Safety Index: Measuring Security Risks Caused by Rapid Capacity Expansion and Loss of Repeatable Builds, Gene Kim, Tripwire, USA
  • Computer Security Expert Assist Team (CSEAT), Kathy Lyons-Burke, National Institute of Standards and Technology, USA

12:30 LUNCH
1:30 Cryptography
Chair: Andre Luiz Moura dos Santos, Georgia Tech, USA

  • A JCA-based Implementation Framework for Threshold Cryptography§, Yih Huang, David Rine, and Xunhua Wang, George Mason University, USA
  • The Performance Measurement of Cryptographic Primitives on Palm Devices§, Duncan Wong, Hector Ho Fuentes, Agnes Chan, Northeastern University, USA
  • Privacy-preserving Cooperative Statistical Analysis§, Wenliang Du and Mikhail Atallah, Purdue University, USA

FORUM - Creating and Implementing a Common Message and Protocol for Intrusion Detection Alerts
Chair: Mike Erlinger, Harvey Mudd College, USA

  • Stuart Staniford, Silicon Defense, USA
  • Mark Wood, Internet Security Systems, USA
  • Ben Feinstein, Guardent, USA
  • Andy Walther, The Aerospace Corporation, USA

PKI
Chair: Natalie Givans, Booz Allen & Hamilton, USA

  • Role-Based Access Control with SingleSignOn.Net's Practical PKI Appliance, Ravi Sandhu, SingleSignOn.Net, USA
  • PKI and Certificate Management: A New Model of Authentication, Peter Tapling, Authentify, USA

3:00 BREAK
3:30 Access Control I
Chair: Michael Clifford, The Aerospace Corporation, USA

  • Detecting Conflicts in a Role-Based Delegation Model§, Andreas Schaad, University of York, UK
  • Engineering of Role/Permission Assignments§, Pete Epstein, AT&T, USA; Ravi Sandhu, George Mason University, USA
  • A Framework for Multiple Authorization Types in a Healthcare Application System§, Ramaswamy Chandramouli, National Institute of Standards and Technology, USA
  • Determining Privileges of Mobile Agents§, Wayne Jansen, National Institute of Standards and Technology, USA

Classic Papers
Chair: Dan Thomsen, Secure Computing, USA

  • Building Reliable Secure Computing Systems out of Unreliable Insecure Components§, John Dobson and Brian Randell, University of Newcastle upon Tyne, UK
  • A Security Model for Military Message System§, Carl Landwehr, National Science Foundation, USA; Constance Heitmeyer and John McLean, Naval Research Laboratory, USA
  • An Information Flow Tool for Gypsy§, John McHugh, CERT/CC, USA

Firewalls
Chair: Louise Davidson, US Navy, USA

  • How Not to Configure Your Firewall: A Field Guide to Common Firewall Misconfigurations, Avishai Wool, Lumeta, USA
  • Creating Shared e-Business Servers with the 3Com Embedded Firewall, Tom Haigh, Secure Computing, USA
  • Obtaining an ROI with Telecommunication Firewalls, Gregory White, University of Texas San Antonio, USA

Wednesday Conference Reception
The reception is included in the conference registration fee.
Guest tickets can be ordered on the pre-registration form for $35.00.

§ This symbol indicates papers that were anonymously peer reviewed by four or more reviewers before acceptance.
